ClawHub
Back to skill
v1.0.0

Shopify Social Content Planner

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:05 AM.

Analysis

The skill appears to generate social media planning text only, with no evidence of credential access, account posting, data exfiltration, or destructive behavior.

GuidanceThis skill looks generally safe for creating a social media content plan. Before using it, be aware that the included helper script uses local command-line tooling and passes your prompt to a local OpenClaw agent; avoid including sensitive business information unless you are comfortable with that local processing.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
analyze.sh
RESULT=$(openclaw agent --local --session-id "$SESSION_ID" --json -m "$PROMPT" 2>/dev/null)

The helper runs a local OpenClaw agent through Bash with a prompt built from the user's request. This is aligned with generating the calendar, but it is still a local command/tool handoff users should notice.

User impactYour store description is passed to a local agent process to generate the plan, rather than being handled only as static instructions.
RecommendationUse normal caution with what you include in the prompt and review the generated content before publishing it.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
analyze.sh
RESULT=$(openclaw agent --local ...); REPORT=$(echo "$RESULT" | python3 -c "...")

The helper depends on local openclaw and python3 commands, while the supplied requirements declare no required binaries. This is an under-declared dependency issue, not evidence of malicious behavior.

User impactThe skill may rely on local tools that are not visible in the registry requirements, which could affect reliability or user expectations.
RecommendationConfirm the local dependencies and source before running the helper script.